<?php
	SESSION_START();
	include_once("conn.php");
	$username = $_POST["username"];
	$password = $_POST["password"];

	$action = $_POST["action"];
	
	if($action == "login"){
		
		$username = stripslashes(trim($username));
		$password = stripslashes(trim($password));
		if(empty($username))
		{
			echo "用户名不能为空";
			exit;
		}
		if(empty($password))
		{
			echo "密码不能为空";
			exit;
		}
		$query = "select * from bbs_user where u_name='".$username."' && u_password ='".$password."'";
		$result = mysql_query($query);
		$row = mysql_fetch_array($result);
		if(!empty($row))
		{
			$_SESSION["current_user"] = $row["u_name"];
			//$_SESSION["login_time"] = $row["lastlogintime"];
			$ip = $_SERVER["REMOTE_ADDR"];
			date_default_timezone_set("PRC");
			$login_time = date("Y-m-d H:i:s",time());

			$sql = "update bbs_user set u_lastlogintime = '".$login_time."',u_lastloginip ='".$ip."' where u_name = '".$username."'";
			$result = mysql_query($sql);

			if($result)
			{
				$re["login_time"] = date("Y-m-d H:i:s",$login_time);
				$re["msg"] = "登录成功";
				$re["success"] = 1;
				$re["name"] = $username;
				//$_SESSION["current_user"] = $username;
			}
			else {
				$re['msg'] = "用户名或密码错误";
				$re["success"] = 0;
			}

			echo json_encode($re);

		}

		
	}

	else if($action == "logout" )
	{
		unset($_SESSION);
		session_destroy();
	}

/*
	$query = "select * from bbs_user where u_name = '".$username."' && u_password = '".$password."';" ;
	$result = mysql_query($query);
	if($result)
	{

		while( $arr = mysql_fetch_array($result) )
		{
			$user["name"] = $arr["u_name"];
			$user["id"] = $arr["u_id"];
		}

		echo json_encode($user);
	}

*/

?>